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U.S. DEPARTMENT OF 
HOUSING AND URBAN DEVELOPMENT 
OFFICE OF INSPECTOR GENERAL 


JUL - 5 2018 


Enuna Best 

News Reporter 

MuckRock News 

Dept MR 74293 

411A Highland Avenue 

Somerville, MD 02144-2516 

RE: Your Freedom of Information Act (FOIA) Request 
FOIA Control No.: 19-IGF-OIG-00053 



Dear Ms. Best: 

This responds to your e-mail Freedom of Information Act (FOIA) request dated 
June 5,2019, to the U.S. Department of Housing and Urban Development (HUD), Office of 
Inspector General (OIG). Your request was received in this office on June 5,2019. 

You requested "^copies of records mentioning or describing audits, reviews, investigations 
or reports regarding the agency’s cyber security, including audits or investigations regarding 
the state of the agency’s cyber security regarding potential attacks as well as audits and 
investigations conducted in the wake of a suspected or actual cyber attack.” You also requested 
^‘■materials generated between 1 January 1996 and 30 June 2016.” 

Enclosed are 4 pages of list responsive to your request. We have found reports on our 
website and is available free of charge. We are providing you with a link to this information at: 
httDs://www.hudoig.gov/search?search ani fulltext=FISMA+reports . This request constitutes a 
full grant of your request. 

For future reference, access to OIG reports can be obtained by accessing the HUD-OIG 
website at: http://www.hudoig.gov/librarv/audits-evaluations . If this data is not totally 
responsive to your request, we ask that you submit another FOIA request specifically detailing 
what additional information you want released. 

Please be advised that Kim Randall, Acting Assistant Inspector General for Audit is the 
official responsible for this response. 
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If you are not satisfied with the response to this request, you may administratively submit an 
appeal pursuant to the Office of Inspector General’s Freedom of Information Regulation, 24 CFR 
§ 2002.23 (2018). This regulation provides for administrative review by the Inspector General of 
any denial of information. Your appeal must be postmarked or electronically transmitted within 
90 days of the df it e of the response to your request. Both the letter and the envelope should be 
clearly marked “Freedom of Information Act Appeal.” Your appeal should be addressed to the 
FOIA Appeal Specialist, Office of Legal Counsel to Inspector General, U.S. Department of 
Housing and Urban Development, 451 7* Street, SW, Suite 8186, Washington, DC 20410, and 
should be accompanied by a copy of your initial request, a copy of this letter and your statement 
of circumstances, reasons and arguments supporting disclosure of the requested information. 

Additionally, you may contact the Office of Government Information Services (OGIS) at the 
National Archives and Records Administration to inquire about the FOIA mediation services 
they offer. The contact information for OGIS is as follows: 

Office of Government Information Services, 

National Archives and Records Administration, 

8601 Adelphi Road-OGIS, 

College Park, Maryland 20740-6001 
E-mail: ogis@nara.gov ; 

Telephone: (202) 741-5770; 

Toll free: 1-877-684-6448, or 
Facsimile: (202)741-5769. 

• 

I trust that this information satisfies your request. If you need any further assistance or 
would like to discuss any aspect of your request please do not hesitate to contact our FOIA 
Requester Service Center at (202) 708-1613. Please reference the above FOIA number when 
making inquiries about this matter. 

Sincerely, 

/s/ 

Government Information Specialist (FOIA/PA) 
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HUD Fiscal Year 2018 Federal Information Security Modernization Act of 2014 (EISMA) Evaluation Report 

The Federal Information Security Modernization Act of 2014 (FISMA) direrts Inspectors General to conduct an annual evaluation of the agency 
Information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (0MB) and National 
Institute of Standards and Technology (NIST) establish information technology (IT) security gui 

October 31.2018 Report #20180E-0003 

HUD Fiscal Year 2017 Federal Information Security Modernization Act Of 2014 (FISMA ) Evaluation Re port 

The Federal Information Security Modernization Act of 2014 (RSMA) directs Inspectors General to conduct an annual evaluation of the agency 
information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (0MB) and National 
Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. 

October 31,2017 Report #2017-OE-0007 



The Federal Information Security Modernization Act of 2014 (RSMA) directs Inspectors General to conduct an annual evaluation of the agency 
information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (0MB) and National 
Institute of Standards and Technology (NIST) establish Information technology (IT) security guidance and standards for Federal agencies. 

November 09,2016 Report #2016-OE-0006 

Federal Information Security Modernization Act (FISMA ) Fiscal Year 2015 Evaluation Re port 

The Federal Information Security Modernization Act of 2014 (RSMA) directs the Office of Inspector General (OIG) to conduct an annual 
evaluation of the U.S. 

November 19,2015 Report #2015-OE-0001 



The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspertor General (OIG) to conduct an annual 
evaluation of the U.S. . 

November 13,2014 Report #2014-OE-0003 



The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual 
evaluation of the U.S. 

November 28,2013 Report #2013-OE-0001 

FY 2010 FISMA 

We have completed an audit of the U.S. Department of Housing and Urban Development's (HUD) Information security program. We evaluated 
whether HUD's Office of the Chief Information Officer (OCIO) had developed security policies, implemented procedures, and continuously 
monitored its entitywide information system security program. 

February 09,2011 Report #2011 -DP-0005 
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